Port 1170 sits in the registered port range (1024-49151) but has no official IANA assignment. That hasn't stopped it from being used—by both legitimate software and malware.

What Is the Registered Port Range?

Ports 1024-49151 are registered ports. Unlike well-known ports (0-1023), which are tightly controlled, registered ports can be formally registered with IANA [1] for specific services, but registration isn't enforced. Applications can use these ports without official approval.

This creates an interesting situation: ports in this range might have official assignments, unofficial uses, or both. Port 1170 falls into the "no official assignment, but definitely being used" category.

Known Unofficial Uses

Port 1170 has been associated with two main uses:

Remote Administrator (Radmin) — Some versions or configurations of Radmin, a legitimate remote desktop administration tool, have used port 1170 [2]. Radmin allows IT administrators to access and control computers remotely for support and management.

Psyber Stream Server (PSS) — Port 1170 is also associated with the Psyber Stream Server trojan [3], malware that gives attackers remote access to infected machines. Security databases list it as a known malicious use of this port.

The irony: both uses involve remote access. One is legitimate IT administration. The other is unauthorized intrusion. The capability is identical—only the consent differs.

Why This Matters

If you see traffic on port 1170, you can't immediately know whether it's legitimate remote administration or malicious activity. Context matters:

  • In a corporate environment with Radmin deployed: probably legitimate
  • On a home computer you didn't install remote administration software on: investigate immediately
  • Inbound connections from unknown sources: suspicious

Security Considerations

Port 1170's association with both legitimate remote administration and trojans makes it worth monitoring:

If you're running legitimate software on this port:

  • Use strong authentication
  • Encrypt all traffic
  • Restrict access to known IP addresses
  • Keep the software updated
  • Document what's using the port

If you didn't install anything on this port:

  • Check what's listening: netstat -an | grep 1170 (macOS/Linux) or netstat -an | findstr 1170 (Windows)
  • Investigate any unexpected services
  • Run malware scans if you find unauthorized listeners

Checking What's Using Port 1170

On macOS or Linux:

sudo lsof -i :1170

On Windows:

netstat -ano | findstr :1170

This shows which process, if any, is listening on or connected to port 1170. lsof prints the command name and PID; netstat -ano prints only the owning PID.
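The context checks from "Why This Matters" can be applied to this output mechanically. The following is an added example, not part of the original page: it parses Windows `netstat -ano` text, matches the local port exactly (a plain substring filter for 1170 also hits port 11701, port 51170 and PID 1170), and reports listeners plus any peer outside an allowlist. The sample output, the allowed network and the expected PID are constructed assumptions.

```python
import ipaddress

PORT = 1170

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1170           0.0.0.0:0              LISTENING       2244
  TCP    0.0.0.0:11701          0.0.0.0:0              LISTENING       980
  TCP    192.168.1.20:1170      10.0.5.7:50112         ESTABLISHED     2244
  TCP    192.168.1.20:1170      203.0.113.45:41822     ESTABLISHED     2244
  TCP    192.168.1.20:51170     198.51.100.9:443       ESTABLISHED     1170
  TCP    [::]:1170              [::]:0                 LISTENING       2244
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None

def triage(netstat_text, allowed_nets, expected_pids):
    """Return (listeners, findings) for TCP sockets whose local port is exactly PORT."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    listeners, findings = [], []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":  # skips the header and UDP rows
            continue
        (laddr, lport), (raddr, _) = split_endpoint(f[1]), split_endpoint(f[2])
        state, pid = f[3], int(f[4])
        if lport != PORT:  # exact match, so 11701 and 51170 are ignored
            continue
        if pid not in expected_pids:
            findings.append(f"unexpected PID {pid} on {f[1]} ({state})")
        if state == "LISTENING":
            listeners.append((laddr, pid))
        elif not any(ipaddress.ip_address(raddr) in n for n in nets):
            findings.append(f"peer {raddr} outside allowed networks (PID {pid})")
    return listeners, findings

if __name__ == "__main__":
    # Assumed policy: admins connect from 10.0.0.0/8; PID 2244 is the known service.
    found_listeners, found = triage(SAMPLE, ["10.0.0.0/8"], {2244})
    print(found_listeners)
    print(found)
```

Pass an empty set for `expected_pids` on a machine where nothing should be using the port, so every socket on 1170 is reported.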

The Nature of Unassigned Ports

Port 1170 demonstrates why unassigned ports exist in the registered range. Not every application needs official IANA approval to function. The space between "officially assigned" and "actively used" is where much of the Internet's actual behavior lives.

But that freedom comes with responsibility. When you choose an unassigned port for your application, you're making a bet that no one else will claim it—and that future security tools won't flag it as suspicious.

Port 1170's history shows both sides: useful for legitimate purposes, exploited for malicious ones, and impossible to judge without context.

  • Port 4899 — The official IANA-assigned port for Radmin [4], used by more recent versions of the software
  • Port 3389 — Microsoft Remote Desktop Protocol (RDP), another remote administration protocol
  • Port 5900 — VNC (Virtual Network Computing), yet another remote desktop protocol
